This Privacy Policy describes the information Mega Max Resources Inc. (MMR) and its affiliates and subsidiaries (together, “MMR,” “we,” “us,” or “our”) collects about you and how it is shared or otherwise used, what rights and choices you have over your personal information and our use of it, and the measures that Thorne takes to protect your information. This Privacy Policy applies to personal information collected by or on behalf of MMR, including information collected through our websites and mobile versions of our websites (collectively, the “Site”); our mobile app; our AI Chatbot; in person, by phone or other offline method; and anywhere else where we display this Privacy Policy (collectively the “Service”).

We collect the personal information you choose provide to us when you purchase our products or interact with the Service. The categories of information we may collect include:

Personal Identifiers, including name, email address, postal address, telephone number, and online Identifiers

Internet Activity

Commercial Information, including purchases

Financial Information, including credit or debit card number

Location Information, including general location data

Protected Classifications and Other Personal Characteristics, including age, sex, gender, or gender identity, and race, color, or ethnic origin

Consumer Communications, including direct communications with our consumers

Inferences from Other Data, including inferences created from other personal information you provide to us.

We have implemented measures designed to secure your personal information from accidental loss or unauthorized access, use, alteration, and disclosure. However, because no measure is ever 100% effective when transmitting information over the Internet, we do not guarantee that your information will be secure from theft, loss, or unauthorized access.

We will usually store the personal information we collect about you for no longer than necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.

To determine the appropriate duration of the retention of personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.

Contract. Where we are processing personal data is based on contract, we generally will retain your personal data for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.

Legitimate Interests. Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account your fundamental interests and your rights and freedoms.

Consent. Where we are processing personal data based on your consent, we generally will retain your personal data until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal data.

Legal Obligation. Where we are processing personal data based on a legal obligation, we generally will retain your personal data for the period of time necessary to fulfil the legal obligation.

Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

When an individual discontinues the use of our services, we will retain their personal data for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices they have made, such as to receive marketing communications. In particular, we will retain personal data supplied when joining our services, including complaints, claims and any other personal data supplied during the duration of an individual’s contract with us for the services until the statutory limitation periods have expired, when this is necessary for the establishment, exercise or defense of legal claims.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.

Once retention of the personal data is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if this is not possible (for example, because personal data has been stored in backup archives), then we will securely store the personal data and isolate it from further processing until deletion or deidentification is possible.